Designing secure PUF-based authentication protocols for constrained environments

Physical Unclonable Functions (PUFs) are widely used in cryptographic authentication and key-agreement protocols due to their unique physical properties. This article presents a comprehensive cryptanalysis of two recently developed authentication protocols, namely PLAKE and EV-PUF, both relying on PUFs. Our analysis reveals significant vulnerabilities in these protocols, including susceptibility to impersonation and key leakage attacks, which pose serious threats to the security of the underlying systems. In the case of PLAKE, we propose an attack that can extract the shared secret key with negligible complexity by eavesdropping on consecutive protocol sessions. Similarly, we demonstrate an efficient attack against EV-PUF that enables the determination of the shared key between specific entities. Furthermore, we highlight the potential for a single compromised client in the EV-PUF protocol to compromise the security of the entire network, leaving it vulnerable to pandemic attacks. These findings underscore the critical importance of careful design and rigorous evaluation when developing PUF-based authentication protocols. To address the identified vulnerabilities, we present an improved PUF-based authentication protocol that ensures robust security against all the attacks described in the context of PLAKE and EV-PUF. Through this research, we contribute to the field by exposing vulnerabilities in existing PUF-based authentication protocols and offering an improved protocol that enhances security and safeguards against various attack vectors. This work serves as a valuable reference for researchers and practitioners involved in the design and implementation of secure authentication schemes for IoT systems and dynamic charging systems for electric vehicles.

The Internet of Things (IoT) has profoundly transformed our interaction with the environment, encompassing domains such as smart homes and industrial automation. Nevertheless, the widespread adoption of IoT devices has introduced novel security challenges, necessitating the development of lightweight and secure authentication protocols [1]. Conventional cryptographic solutions tend to be excessively resource-intensive and costly for IoT devices, which typically operate under resource constraints. Consequently, there is an increasing demand for alternative solutions that offer robust security [2] while simultaneously being lightweight and cost-effective [3].
Secure communication systems require authentication as a crucial component to ensure that only authorized users or processes can access sensitive information or resources. Authentication protocols typically involve the exchange of credentials, such as usernames and passwords, to verify the identity of the user or process [4]. However, recent research has exposed vulnerabilities in many authentication protocols that attackers can exploit through weaknesses in the protocol design or implementation [5, 6]. Such security analyses contribute to the broader understanding of how secure protocols should be designed: any security mechanism should be subjected to thorough independent analysis before trust is placed in its effectiveness.

Motivation
It is widely acknowledged that before any new security mechanism can be deemed trustworthy, its security must be thoroughly vetted by third-party experts to ensure it is not vulnerable to potential shortcomings. Two recently proposed authentication protocols, namely PLAKE [15] and EV-PUF [16], are notable for their reliance on physical unclonable functions (PUFs) as a foundational building block to provide robust security against a wide range of attacks, including cloning attacks. Additionally, both protocols leverage one-way hash functions to ensure data integrity. The designers of these schemes have claimed a high level of security, yet, to the best of our knowledge, no independent security evaluations have been conducted to validate their assertions. Given these shared characteristics, we are motivated to shed light on the security level of these protocols and determine whether they have indeed achieved their claimed level of security.

Our contribution
The primary contribution of this paper is a comprehensive security evaluation of two recently proposed authentication protocols that rely on PUFs, namely PLAKE and EV-PUF.
Our analysis of PLAKE reveals a novel attack that enables efficient recovery of the secret parameters of this protocol. Specifically, the proposed attack allows an adversary to determine the shared key for all sessions after observing a minimum of two consecutive sessions, based solely on the messages transmitted over the public channel. The attack is passive, has negligible complexity, and can also be extended to impersonation and desynchronization attacks.
In addition, our security evaluation of EV-PUF exposes several vulnerabilities that undermine the security guarantees claimed by the protocol. Specifically, we demonstrate that the protocol does not provide forward secrecy and is susceptible to attacks by privileged insider adversaries, impersonation attacks, and session key compromise. Furthermore, we show that compromising a single node within the network can have a significant impact on the security of all other nodes, rendering the protocol vulnerable to pandemic attacks [17]. All of the proposed attacks are highly efficient and easy to execute.
The paper presents a novel PUF-based authentication protocol designed to provide secure authentication and key agreement for IoT systems or electric vehicle charging systems. The protocol leverages the unique physical properties of PUFs combined with a sound but lightweight cipher suite (Ascon [18]) to establish mutual authentication and generate shared secret keys.

Paper organization
The remainder of this paper is structured as follows. Section "Preliminaries" provides an overview of PUFs and their applications in Internet of Things (IoT) security, as well as a description of the target protocols; in that section we also introduce the adversary models. Sections "Security analysis of PLAKE" and "Security analysis of EV-PUF" discuss, respectively, the security analysis of the PLAKE and EV-PUF protocols. In Section "PUF-Based Mutual Authentication Protocol", taking the lessons learned from our analysis, we propose a new PUF-based mutual authentication protocol, and its security and cost analysis are given in Section "Security and cost evaluation of the proposed protocol". Finally, we conclude the paper in Section "Conclusion".

Preliminaries
In this section, the preliminaries required in this paper are briefly reviewed. Table 1 lists the notation used in this paper.

An overview on PUF
A Physical Unclonable Function (PUF) is a hardware security primitive that exploits the unique and unpredictable variations in the physical characteristics of a device to generate a unique identifier or a cryptographic key. PUFs can be classified based on different criteria, such as their operating principle, the type of physical variations they exploit, and the type of output they produce [19, 20].
One classification is based on the operating principle, where PUFs can be divided into two main categories: challenge-response PUFs and true random number generators (TRNGs) with PUF-based entropy sources. Challenge-response PUFs generate a response to a challenge input based on the unique physical characteristics of the device, while TRNGs with PUF-based entropy sources extract randomness from the physical variations in the device.
Another classification is based on the type of physical variation exploited by the PUF. PUFs can exploit various physical characteristics, such as delay, noise, power consumption, and ring oscillator frequencies, among others. For example, a ring oscillator (RO) PUF exploits the variations in the oscillation frequency of a ring oscillator circuit due to manufacturing process variations or environmental factors.
PUFs can also be classified based on the type of output they produce. PUFs can produce binary or multi-bit responses, depending on the application requirements. For example, a binary PUF produces a single-bit response, while a multi-bit PUF produces multiple bits of output.
Some commonly used PUFs include the Arbiter PUF, the RO PUF, and the Magnetic PUF, among others. The performance and security characteristics of PUFs depend on various factors, such as design parameters, the quality of the physical variations exploited, and environmental conditions.
PUFs have emerged as a promising solution for improving the security of devices in the Internet of Things (IoT) due to their low power consumption, small footprint, and resistance to physical and side-channel attacks [21–23].
PUFs have found numerous applications in IoT security, including secure bootstrapping, secure firmware updates, secure key exchange, and secure communication. For example, PUFs can be used to generate unique device identities that are resistant to cloning and counterfeiting, allowing secure device authentication and access control [23]. PUF-based key exchange protocols can be used to establish secure communication channels between IoT devices [24–28]. Furthermore, recent research has focused on developing new PUF-based security mechanisms that address the limitations of traditional PUFs. For example, PUFs based on machine learning have been proposed that are more resistant to modeling attacks [29]. Recent surveys and reviews have provided a comprehensive analysis of the state of the art of PUFs, including their architectures, protocols, and security for Internet of Things (IoT) applications [23, 30]. These publications have investigated the role of PUFs in IoT security, analyzed PUF-based threats on IoT devices, discussed possible defense strategies, and presented existing PUF architectures and authentication protocols using PUFs. They have also evaluated the progress, challenges, and future expectations of PUF-based security protocols for IoT devices [23, 30].
In summary, PUFs are a promising security primitive for IoT devices that can be used to enhance the security of authentication, key exchange, and data protection protocols. Recent research has shown increasing interest in PUF-based security mechanisms, and further exploration of their potential in IoT security is ongoing.

Adversary model
The security of the protocols is evaluated using two different adversary models: the Dolev-Yao (DY) adversary model [31] and the Canetti-Krawczyk (CK) adversary model [32].
In the DY adversary model, the adversary is assumed to have complete control over the communication channels between the parties but does not have access to their internal values. This means that the adversary can intercept, modify, or replay messages between the parties but cannot extract any secret information from them.
In contrast, the CK adversary model is a stronger model that allows the adversary to extract secret credentials and compromise established session keys. This means that the adversary can obtain access to the internal values of the parties and use this information to compromise the security of the protocol.
By evaluating the security of the protocols under both adversary models, we can determine whether they provide sufficient protection against attacks from both weaker and stronger adversaries.

PLAKE
Because of the rising number of cyber attacks, the security of Internet of Things (IoT) systems has become a serious concern. Before transmitting sensitive data, mutual authentication confirms the identity of both the device and the server. Physical unclonable functions (PUFs) have emerged as a promising alternative for the mutual authentication of IoT systems. PUFs are hardware-based security primitives that provide unique and unpredictable responses to challenge inputs, allowing devices and services to be authenticated [33]. In this section, we briefly review PLAKE [15], a PUF-based mutual authentication protocol for IoT systems. The PLAKE protocol runs in two phases: a one-time enrollment phase and a device authentication and key exchange phase.

One-Time Enrollment (OTE) phase
This phase is performed over a secure channel, only once, before the IoT devices are deployed, and runs as follows:
1. The server generates a PUF challenge $C^i_A$ for $C_A$, for instance;
2. it retrieves the PUF response, i.e. $R^i_A = \mathrm{PUF}_{C_A}(C^i_A)$;
3. and it saves the PUF-CRP, i.e. the pair $(C^i_A, R^i_A)$, in the secure memory of the IoT device ($ID_{C_A}$).

Device Authentication and Key Exchange Phase
This phase comprises two steps: node-to-node (N2N) communication and node-to-server (N2S) communication.
Node-to-Node (N2N) communication:
1. Connection initialization. This step runs as follows:
• The initiating IoT device $C_A$ sends a connection request message $\langle ID_A \rangle$ to $C_B$;
• Once the message is received, $C_B$ sends an N2N connection request $\langle ID_A, ID_B \rangle$ to the server;
• The server extracts the corresponding PUF CRPs of $C_A$ and $C_B$ from its memory, e.g.
• The server produces two random values, $RN^i$ and $sk^i_{AB}$, and then calculates
2. Server authentication. In this step $C_A$ and $C_B$ authenticate the server as follows:
• If they are equal, $C_A$ successfully authenticates the server. $C_B$ authenticates the server in the same way as $C_A$.
3. $C_A$ and $C_B$ mutual authentication.
• Once server authentication has completed, $C_A$ and $C_B$ extract $sk^i_{AB}$ from the received messages.
Each node then checks whether the value it computes is equal to its PUF-generated response to the challenge the server gave it: $C_B$ compares against its response to $C^i_B$ to authenticate $C_A$, and $C_A$ compares against its response to $C^i_A$ to authenticate $C_B$. Once node $C_A$ has authenticated the server and $C_B$, it enters the update phase, updates its CRP responses, and sends $\langle M^i_{SA}, H^i_{SA} \rangle$ to the server. Similarly, $C_B$ authenticates the server and $C_A$, updates its CRP responses, and sends $\langle M^i_{SB}, H^i_{SB} \rangle$ to the server.
4. Server authentication of $C_A$ and $C_B$. The server authenticates both IoT devices and also updates the secure PUF-CRP database as follows: (a) Upon receiving the messages, the server uses the bit sequences $M_{SA}$ and $M_{SB}$ to generate the updated PUF responses from

respectively. (d) The server replaces and saves
5. Set session key. After successful authentication between the communicating nodes, $sk^i_{AB}$ acts as the session key for secure communication between the neighboring nodes. This key is updated each time a new session is established.

Node-to-Server (N2S) communication:
1. Connection initialization. IoT device $C_B$, with identifier $ID_B$, sends a connection request to the server. After receiving the request, the server retrieves the stored PUF-CRP, i.e. $(C^i_B, R^i_B)$, using $ID_B$, then generates a random number $RN$ and computes
2. Server authentication. After receiving the message, $C_B$ first forwards $C^i_B$ to its embedded PUF instance and generates the corresponding RN, and then checks the received $H_B$ to authenticate the server. If the check holds, $C_B$ creates a new PUF-CRP and sends it to the server.
$_B \| M_{SB})$ and sends $\langle M_{SB}, H_{SB} \rangle$ to the server.

3. Node authentication. The server extracts $R^{i+1}_B$ as $RN \oplus M_{SB}$ and verifies $H_{SB}$. If it is correct, the server successfully authenticates $C_B$ and updates the challenge. Finally, the server updates the secure PUF-CRP database.
4. Set session key. After completing server authentication and node authentication in the N2S protocol, the server and the IoT device can establish secure communication using $R^{i+1}_B$ as the private key for this particular session, which is updated with each new session.

EV-PUF
The Intelligent Transportation System (ITS) facilitates communication between vehicles through Vehicle-to-Vehicle (V2V) and Vehicle-to-Infrastructure networks [34]. Wireless Power Transfer (WPT) technology has emerged as a promising solution for charging electric vehicles (EVs) in ITS, allowing electric vehicles to charge their batteries while driving. Inductive power transfer (IPT) is a type of WPT that has been shown to be effective for EV charging [35]. For example, Sweden is currently building the world's first permanent electrified road for EVs, which uses an inductive charging system buried under the road surface to send electricity to a coil in the EV [36]. Electrified roadways, which integrate wireless charging infrastructure into the asphalt, have the potential to enable EVs to operate continuously with unlimited power.
The EV-PUF protocol is an authentication protocol designed for the dynamic charging systems of electric vehicles, which utilizes a lightweight approach based on PUF technology. The protocol involves five key components, namely the Trusted Service Provider (TSP), Region Charging Server (RCS), Road Side Units (RSUs), Electric Vehicle (EV), Charging Pads (CP), and users (drivers). The protocol includes many steps, but we only explain those parts that are required to understand the proposed attacks. An interested reader can find all details of EV-PUF in Ref. [16]. It should be noted that EV-PUF uses two variants of PUF, i.e. RPUF and WPUF. However, this has no effect on our attacks, which work for any type of PUF. Hence, for simplicity of notation, we use $\mathrm{PUF}(\cdot)$ to denote both.

Initialization
In this phase of the protocol, the TSP selects a secure cryptographic hash function $H(\cdot)$ and private keys $\langle SK_{RSU_i}, SK_{TCS_i}, SK_{EV} \rangle$. It also selects a group key $G_{pad}$ and forwards it to each RSU and each CP.

RSU registration
To register an RSU, the RSU generates a random identifier $ID_{RSU_i}$ and sends it to the TSP. The TSP computes $K_{RSU_i} = H(ID_{RSU_i} \| SK_{RSU_i})$ and stores $ID_{RSU_i}$ and $K_{RSU_i}$ in a table $T_{RSU}$. Then it generates $PU_{RSU_i}$ and $PR_{RSU_i}$, respectively the public and private key of $RSU_i$, and stores them. Next, the TSP sends

RCS registration
To register an RCS, it generates a random identifier $ID_{RCS_i}$ and sends it to the TSP. The TSP computes $K_{RCS_i} = H(ID_{RCS_i} \| SK_{RCS_i})$ and stores $ID_{RCS_i}$ and $K_{RCS_i}$ in a table $T_{RCS}$. Then it generates $PU_{RCS_i}$ and $PR_{RCS_i}$, respectively the public and private key of $RCS_i$, and stores them. Finally, the TSP sends and stores $\langle X_S, Y_{EV}, T_{EV}, C_{EV}, H(SK_{RSU_i}) \rangle$ in a tamper-proof memory and sends $\langle PID_{EV}, R_i, K_i, R_x \rangle$ to the TSP. Once the message has been received, the TSP stores

User authentication
In this phase of the protocol, the user/owner of the EV enters $PW_u$ and, given the timestamp $T_c$, the SC computes $i = H(PW_u \| ID_u)$, $L = H(i \| P)$ and $K = H(L \| T_c \| SID)$ and sends $\langle K, T_c, SID \rangle$ to the EV. The EV verifies whether $T_c - T_r < T$ and checks the received $K$ to authenticate the user, then updates SID as $SID_{new} = H(SID \| P)$ in its database and in the SC's memory.

Login and mutual authentication
This phase of the protocol takes place between the EV and the RSU. On the EV side, the identifier Once the message has been received, the RSU computes ) and verifies whether $D = H(PID_{EV} \| Q_S \| RN_1 \| B)$, accepts the request and obtains the parameters $_{i+1} \oplus k_i$ are computed and the session key is derived as $SK = H(RN_2 \| RN_3 \| R^i_1 \| R^{i+}_2)$. After mutual authentication with the RSU, the authenticated EV can request a charge by sending $\langle CH^i_{req}, N_{ct} \rangle$. In response, the RSU chooses a seed $S_i$ to compute $KDF_{SK}(S_i) = K_1 \| K_2$ and $V_4 = H(K_1 \| K_2 \| N_{ct})$ and sends $\langle S_i, V_4 \rangle$ to the EV. It also computes $Tag = H(K_1 \| K_2 \| PID_{EV} \| ID_{RSU_i} \| N_{ct})$ and sends $\langle E_{G_{pad}}(Tag) \rangle$ to the first CP. Once the message has been received, the EV once again computes $KDF_{SK}(S_i) = K_1 \| K_2$ and $V_4 = H(K_1 \| K_2 \| N_{ct})$ to verify the correctness of $V_4$. Then it calculates $Tag = H(K_1 \| K_2 \| PID_{EV} \| ID_{RSU_i} \| N_{ct})$ and sends $\langle Tag \rangle$ to the first CP. The first CP compares the Tag received from the EV with the encrypted one from the RSU.

Handover
The handover phase occurs when the EV moves from one RSU to another or from one RCS to another. When the EV moves from $RSU_i$ to $RSU_j$, the EV sends a handover request to $RSU_i$, which finds the nearest RSU, for example $RSU_j$, sends $\langle RN_4, ID_{RSU_j} \rangle$ to the EV, and sends $\langle E_{PU_{RSU_j}}(PIDV_{EV}, RN_4, ID_{RSU_i}) \rangle$ to $RSU_j$. Using its $T_{EV}$, the EV cross-checks the received $ID_{RSU_j}$, computes $G = H(PID_{EV} \| ID_{RSU_i} \| RN_4 \| ID_{RSU_j})$, sends it to $RSU_j$, and also computes $SK_T = H(PID_{EV} \| RN_4)$. On the other hand, $RSU_j$ decrypts the message received from $RSU_i$ and once again computes $G = H(PID_{EV} \| ID_{RSU_i} \| RN_4 \| ID_{RSU_j})$ to authenticate the EV and computes $SK_T = H(PID_{EV} \| RN_4)$.
In a similar manner, when the EV moves from $RCS_i$ to $RCS_j$, the EV sends a handover request to $RCS_i$, which finds the nearest RCS, e.g. $RCS_j$, generates $RN_5$, computes $V_5 = H(RN_5 \| K_{RCS_j} \| ID_{RCS_j})$ and sends $\langle ID_{RCS_j}, V_5 \rangle$ to the EV. It also sends $\langle E_{PU_{RCS_j}}(PID_{EV}, RN_5, ID_{RCS_i}, V_5) \rangle$ to $RCS_j$. Using its $T_{EV}$, the EV cross-checks the received $ID_{RCS_j}$, computes $L = H(PID_{EV} \| ID_{RCS_i} \| V_5 \| ID_{RCS_j})$ and sends it to $RCS_j$. Once received

Security analysis of EV-PUF
In [16, Table XI], the designers claimed the security of EV-PUF against various attacks, including impersonation, privileged insider, password leakage and stolen smart card attacks, and claimed that it satisfies forward secrecy. In this section, we evaluate the security of EV-PUF in an adversary model similar to that of the designers [16, Sec. III.B], i.e. the Dolev-Yao model [31] and the CK adversary model [32], to shed light on the security of the protocol from an independent third-party point of view. We acknowledge that launching impersonation attacks or conducting insider attacks can be challenging in a time-constrained environment, e.g. during the handover process. However, our evaluation of the EV-PUF protocol is based on the security claims made by its designers. As mentioned in the threat model, adversaries attempt to acquire sensitive information by launching passive or active attacks on communications transmitted through a public channel among the communicating parties; our attacks against the EV-PUF protocol are based on the same assumption. We appreciate the practical difficulty of executing certain types of attacks within the stringent time constraints of the charging phase or the handover process. Nevertheless, it is essential to thoroughly evaluate the security of any protocol against the potential threats specified in its designated threat model. By identifying vulnerabilities and proposing improvements, we aim to enhance the overall security and resilience of the EV-PUF protocol.

The lack of forward secrecy
A protocol provides forward secrecy if compromising long-term secrets does not compromise the confidentiality of the data transferred in previous sessions, even if the adversary has eavesdropped on the entire communication in those sessions.In other words, if an adversary can compromise the long-term secret of a party after the completion of a session j, it should not be able to determine the session key used in a previous session i.
Forward secrecy is typically achieved by using ephemeral keys, which are generated for each session and are not stored after the session's completion.If an adversary compromises a party's long-term secret, it will not be able to derive the session key for any previous session because the session key was derived from an ephemeral key that has been discarded.
In general, forward secrecy is an important security property that provides protection against attacks that rely on the compromise of long-term secrets.By utilizing ephemeral keys, protocols can ensure that, even if an adversary gains access to long-term secrets, the confidentiality of previous sessions remains intact.
Following Section "EV-PUF", the shared key is computed as $SK = H(RN_2 \| RN_3 \| R^i_1 \| R^{i+}_2)$ and the messages transferred over the channel are On the other hand, following Section "EV-PUF", the TSP stores $\langle PID_{EV}, C_i, R_i, k_i, R_x \rangle$ in a table entitled $T_{CRP}$, and $k_i$ is not updated. Therefore, it is reasonable to consider adversarial access to these data while evaluating the forward

Impersonation attack
The protocol provides security against impersonation attacks if the adversary cannot impersonate any protocol party toward another party with non-negligible probability. After mutual authentication, the EV can request a charge, where, following Section "EV-PUF", the RSU chooses a seed $S_i$ to compute $KDF_{SK}(S_i) = K_1 \| K_2$ and $V_4 = H(K_1 \| K_2 \| N_{ct})$ and sends $\langle S_i, V_4 \rangle$ to the EV. It also computes $Tag = H(K_1 \| K_2 \| PID_{EV} \| ID_{RSU_i} \| N_{ct})$ and sends $\langle E_{G_{pad}}(Tag) \rangle$ to the first CP. Once the message has been received, the EV recomputes $KDF_{SK}(S_i) = K_1 \| K_2$ and $V_4 = H(K_1 \| K_2 \| N_{ct})$ to verify the correctness of $V_4$. Then it calculates $Tag = H(K_1 \| K_2 \| PID_{EV} \| ID_{RSU_i} \| N_{ct})$ and sends $\langle Tag \rangle$ to the first CP. The first CP compares the Tag received from the EV with the encrypted one from the RSU. However, an adversary can eavesdrop on the messages sent toward the CP and replay them at any time to receive a charge illegitimately.

Privileged insider attack
A privileged insider adversary is assumed to have more capability than an ordinary adversary. A common capability is access to the data stored in memory or to data transferred through secure channels, for example during the registration phase of a protocol [37, 38]. Based on this, we evaluate the security of EV-PUF. It is clear that the TSP stores $\langle PID_{EV}, C_i, R_i, k_i, R_x \rangle$ in a table entitled $T_{CRP}$ and that $k_i$ is not updated. Hence, similarly to the attack described in Section "The lack of forward secrecy", given $k_i$ and the messages transferred over the public channel, the adversary can recover the shared session key between the EV and the RSU.
Another type of insider could be a malicious $EV_i$. Such an adversary has access to $H(SK_{RSU_i})$ and $ID_{RSU_i}$. It is worth noting that $ID_{RSU_i}$ could also be obtained from the public channel, because it is transferred in the clear from RSU to EV during handover, for instance from $RSU_j$ towards $RSU_i$. However, a malicious EV or another insider is needed to obtain $H(SK_{RSU_i})$. Given $H(SK_{RSU_i})$ and $ID_{RSU_i}$, and also $\langle B, D, RN_1, n^*_2, V_1 \rangle$, which is sent to the RSU by $EV_j$ in Section "EV-PUF", where $B = PID_{EV_j} \oplus H(ID_{RSU_i} \| n-1 \| H(SK_{RSU_i}))$, the adversary can retrieve $PID_{EV_j}$. Hence, an adversary with access to just a single malicious $EV_i$ is able to retrieve the $PID_{EV_j}$ of any target $EV_j$ once it participates in a login and authentication session with $RSU_i$. This violates the location privacy of electric vehicles.

Pandemic attack
Let us assume the adversary has compromised a node, e.g. $EV_i$. In this case, following Section "The lack of forward secrecy", the adversary is able to access $ID_{RSU_i}$ and $H(SK_{RSU_i})$ and to retrieve $PID_{EV_j}$ for any $EV_j$ that communicates with $RSU_i$, from $B = PID_{EV_j} \oplus H(ID_{RSU_i} \| n-1 \| H(SK_{RSU_i}))$. This information is enough to consider this protocol a victim of the pandemic attack.
A consequence of this attack is RSU impersonation: connecting the target $EV_j$ to an RSU of the adversary's choosing, which could even be a malicious one. More precisely, following Section "EV-PUF", the target EV, whose $PID_{EV_j}$ the adversary has already extracted through the pandemic attack, sends a handover query. At this point, the adversary chooses the target RSU, e.g. $RSU_m$, sends $\langle RN_4, ID_{RSU_m} \rangle$ to the EV and sends $\langle E_{PU_{RSU_m}}(PIDV_{EV_j}, RN_4, ID_{RSU_i}) \rangle$ to $RSU_m$. Using its $T_{EV}$, the EV cross-checks the received $ID_{RSU_m}$ to compute $G = H(PID_{EV_j} \| ID_{RSU_m} \| RN_4 \| ID_{RSU_m})$, sends it to $RSU_m$, and also computes $SK_T = H(PID_{EV_j} \| RN_4)$. On the other hand, $RSU_m$ decrypts the message received from $RSU_i$ and once again computes $G = H(PID_{EV_j} \| ID_{RSU_i} \| RN_4 \| ID_{RSU_m})$ to authenticate the EV and computes $SK_T = H(PID_{EV} \| RN_4)$. At the end of the process, the adversary has successfully impersonated $RSU_i$ and can also access the shared $SK_T = H(PID_{EV} \| RN_4)$.

PUF-based mutual authentication protocol
In this section, we propose a PUF-based mutual authentication protocol for IoT systems with forward secrecy. Besides a PUF, we also use the Ascon cipher suite [18] to provide confidentiality and integrity of the transferred messages, using Ascon-128 as an authenticated cipher and Ascon-Hash as a cryptographic hash function. Ascon has been designed to be easy to implement, scalable, and resistant to timing and side-channel attacks. Ascon has been selected by NIST for future standardization of lightweight cryptography and is recommended for resource-constrained environments. For an authenticated cipher, if $K, N, A, P, C, T$ are respectively the key, nonce, associated data, plaintext, ciphertext, and integrity check value, then [6]:

Device registration
When a new IoT device is manufactured, it should be registered through a secure channel with a trusted entity, such as a server or gateway, that holds a database of registered devices, as follows:
1. The device generates an identity $ID_x$ and sends it to the server.
2. The server generates a random challenge $C_x$ and sends it to the device.

3. The device computes
$_x, ID_x)$ and sends $\{Help_x, R'_x\}$ to the server and stores $(ID_x, IDS^{old}_x, IDS^{new}_x)$.
4. The server recomputes $IDS_x = H(R'_x, ID_x)$ and stores $\{C_x, R'_x, ID_x, Help_x\}$, indexed by $IDS_x$, in a secure memory.

Mutual authentication protocol
The mutual authentication phase, also depicted in Fig. 1, is as follows:
1. The device sends its session identifier $IDS_x$ along with a fresh random number $R_D$, as $M_1 = \{IDS_x, R_D\}$, to the server over a public channel.
2. The server extracts $\{C_x, R'_x, ID_x, Help_x\}$ based on the given $IDS_x$. Then it generates a fresh random number $R_S$, computes $Y_S = H(ID_x \| R_D \| R_S) \oplus (Help_x \| C_x)$ and $V_S = H(Y_S \| R'_x \| Help_x \| C_x)$, and sends $M_2 = \{R_S, V_S, Y_S\}$ to the device over the public channel.

3. The device extracts $Help_x$
$_x, Help_x)$ and verifies whether $V_S \stackrel{?}{=} H(Y_S \| R'_x \| Help_x \| C_x)$ to authenticate the server. If the server has been authenticated successfully, the device computes ))} and sends it to the server as $M_3$.

4. The server computes SK
$_x$, in a secure memory and also removes the previous record.

The session key is defined as SK
It is worth noting that in Ascon's computation, the nonce is derived as the XOR of $R_D$ and $R_S$, while the associated data is formed by concatenating $C_x$ and $R'_x$. Although this information could be transmitted over the channel, it is not necessary in this protocol because both entities already possess it.
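As an added worked example (not code from the paper), the registration and the $M_1$/$M_2$ server-authentication steps above are modelled in Python: a constructed noisy PUF stands in for the device hardware, a repetition-code helper-data scheme stands in for whatever fuzzy extractor produces $Help_x$ and $R'_x$, and SHA-512 stands in for Ascon-Hash (all assumptions); $M_3$ and the IDS update are not modelled.

```python
import hashlib
import secrets

REP = 7           # repetition-code factor of the toy helper-data scheme (assumption)
SECRET_LEN = 8    # bytes of the random value s hidden behind Help_x (assumption)
CHAL_LEN = 8      # bytes of the PUF challenge C_x (assumption)
RESP_LEN = SECRET_LEN * REP   # 56 bytes of PUF response / Help_x; RESP_LEN + CHAL_LEN == 64


def H(*parts: bytes) -> bytes:
    """Hash of the concatenation of parts. The paper uses Ascon-Hash; SHA-512 stands in
    so that one hash output masks the whole Help_x || C_x in Y_S (assumption)."""
    return hashlib.sha512(b"".join(parts)).digest()


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("xor operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def to_bits(data: bytes) -> list:
    return [(byte >> (7 - k)) & 1 for byte in data for k in range(8)]


def from_bits(bits: list) -> bytes:
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def rep_encode(secret: bytes) -> bytes:
    """Code-offset sketch: repeat every bit of s REP times (toy fuzzy extractor, assumption)."""
    return from_bits([bit for bit in to_bits(secret) for _ in range(REP)])


def rep_decode(code: bytes) -> bytes:
    """Majority vote per group of REP bits; corrects up to REP // 2 flips per group."""
    bits = to_bits(code)
    return from_bits([int(sum(bits[i:i + REP]) > REP // 2) for i in range(0, len(bits), REP)])


class ToyPUF:
    """Constructed stand-in for a device PUF: a keyed hash of the challenge with
    noise_bits random bit flips per evaluation, mimicking real PUF response noise."""

    def __init__(self, noise_bits: int = 1):
        self._intrinsic = secrets.token_bytes(16)  # device-unique; never leaves the chip
        self.noise_bits = noise_bits

    def respond(self, challenge: bytes) -> bytes:
        r = bytearray(H(b"puf", self._intrinsic, challenge)[:RESP_LEN])
        for _ in range(self.noise_bits):
            i = secrets.randbelow(RESP_LEN * 8)
            r[i // 8] ^= 1 << (i % 8)
        return bytes(r)


def register(puf: ToyPUF):
    """Device registration over a secure channel (steps 1-4 of the paper)."""
    ID_x = secrets.token_bytes(8)                  # 1. device identity
    C_x = secrets.token_bytes(CHAL_LEN)            # 2. server challenge
    s = secrets.token_bytes(SECRET_LEN)            # 3. device sketches its noisy response
    Help_x = xor(puf.respond(C_x), rep_encode(s))
    R_prime = H(b"rep", s)                         #    stable R'_x reproduced from s (assumption)
    IDS_x = H(R_prime, ID_x)
    device = {"ID_x": ID_x, "IDS": IDS_x, "puf": puf}   # device keeps neither C_x nor Help_x
    server_db = {IDS_x: {"C_x": C_x, "R_prime": R_prime, "ID_x": ID_x, "Help_x": Help_x}}  # 4.
    return device, server_db


def server_respond(server_db: dict, M1: tuple):
    """Step 2: build M2 = {R_S, V_S, Y_S} and the server's copy of SK."""
    IDS_x, R_D = M1
    rec = server_db[IDS_x]                         # unknown IDS -> KeyError, session aborted
    R_S = secrets.token_bytes(16)
    Y_S = xor(H(rec["ID_x"], R_D, R_S), rec["Help_x"] + rec["C_x"])
    V_S = H(Y_S, rec["R_prime"], rec["Help_x"], rec["C_x"])
    SK = H(R_D, R_S, rec["C_x"], rec["R_prime"], rec["ID_x"])
    return (R_S, V_S, Y_S), SK


def device_verify(device: dict, R_D: bytes, M2: tuple):
    """Step 3: the device unmasks Help_x || C_x, re-derives R'_x from its noisy PUF and
    checks V_S; returns SK, or None if the server is not authenticated."""
    R_S, V_S, Y_S = M2
    unmasked = xor(H(device["ID_x"], R_D, R_S), Y_S)
    Help_x, C_x = unmasked[:RESP_LEN], unmasked[RESP_LEN:]
    s = rep_decode(xor(Help_x, device["puf"].respond(C_x)))   # noise removed by majority vote
    R_prime = H(b"rep", s)
    if V_S != H(Y_S, R_prime, Help_x, C_x):
        return None
    return H(R_D, R_S, C_x, R_prime, device["ID_x"])


def run_session(device: dict, server_db: dict, tamper: bool = False):
    """One M1/M2 exchange; with tamper=True one bit of Y_S is flipped in transit."""
    R_D = secrets.token_bytes(16)
    M2, sk_server = server_respond(server_db, (device["IDS"], R_D))
    if tamper:
        R_S, V_S, Y_S = M2
        M2 = (R_S, V_S, bytes([Y_S[0] ^ 0x01]) + Y_S[1:])
    return device_verify(device, R_D, M2), sk_server
```

With REP = 7 the majority vote tolerates the one flip introduced at enrollment plus the one at authentication, so both sides always arrive at the same $R'_x$ and hence the same SK, while any modification of $Y_S$ fails the $V_S$ check.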

Security and cost evaluation of the proposed protocol
In this section, prior to conducting a comparison with other protocols, we present an informal argument for the security of the proposed protocol against various attacks.

Replay attacks
The protocol incorporates session-dependent nonces, $R_D$ contributed by the device and $R_S$ contributed by the server, as part of the authentication process. Additionally, the identifier is updated for each new session, rendering previous authentication data invalid. These measures prevent replay attacks by ensuring the freshness of each authentication run: the nonces challenge the device and the server, so that previously recorded responses cannot be replayed, which maintains the integrity of the protocol.

Impersonation attacks
The protocol incorporates session-dependent nonces, $R_D$ contributed by the device and $R_S$ contributed by the server. Additionally, several other messages are transferred over public channels, including $Y_S$, $V_S$ and $(C, T)$, where: These messages play a crucial role in preventing impersonation attacks. To impersonate the server, an adversary $\mathcal{A}$ would need to compute a valid $(Y_S, V_S)$ for a given $R_D$. However, this task is infeasible without at least the knowledge of $R'_x$. Importantly, $R'_x$ is never transmitted in plain text over the public channel, making it highly challenging for an adversary to acquire this critical information.
On the other hand, to impersonate the device, A would need to provide a valid (C, T ) , which again is not feasible without at least the knowledge of R ′ x .This safeguard ensures that unauthorized devices or servers cannot impersonate valid devices or servers, as the required information for constructing valid (C, T ) remains protected.
By relying on the secrecy of R ′ x and ensuring its non-disclosure over public channels, the protocol effectively prevents impersonation attacks and maintains the integrity and authenticity of the communication between devices and servers.

Session key compromise attack
The protocol does not directly address session key compromise attacks. However, each session uses a new set of ephemeral key pairs. In the event of a compromise of a session key, assuming that the adversary missed at least the data of a session after it, the impact is limited to that specific session, ensuring forward secrecy. Other sessions and their associated keys remain secure.

Secret key extraction
The session key, denoted as SK, is derived by applying the hash function H to the concatenation of R D , R S , C x , R ′ x , and ID x , i.e., SK = H(R D ‖R S ‖C x ‖R ′ x ‖ID x ) . Extracting the session key would necessitate knowledge of (C x ‖R ′ x ‖ID x ) , which is practically unattainable without possessing at least the values of R ′ x and ID x . Furthermore, it is crucial to emphasize that these values are always transmitted in an encrypted format during the communication process. This additional security measure reinforces protection against unauthorized access or extraction by adversaries. By ensuring the confidentiality of the transmitted data, the protocol significantly mitigates the risks associated with unauthorized key extraction or access to sensitive information.

Desynchronization attack
The proposed PUF-Based Mutual Authentication Protocol can also provide security against desynchronization attacks. A desynchronization attack aims to disrupt the synchronization between the device and the server, potentially leading to authentication failures or unauthorized access. Permanent authentication failure requires an unauthorized impersonation. More precisely, to launch such a desynchronization attack, an attacker would need to disrupt the synchronization between the device and the server by impersonating one of them. Given that the proposed protocol is secure against replay attacks and impersonation attacks, the protocol does not suffer from this attack. In addition, in the protocol, the mutual authentication process involves the exchange of random numbers between the device and the server. These random numbers are crucial for establishing a secure session key and ensuring the freshness of the communication. In addition, if a desynchronization occurs due to the blocking of the last message, it can be synchronized again, because the device keeps the history of old IDS. However, the security of the protocol relies on the assumption that both parties faithfully execute the protocol steps. Any deviation or failure to correctly follow the protocol would likely result in authentication failure or termination of the session, which is not the subject of this analysis.
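A simplified model, added here and not part of the paper, of the resynchronization property described above together with the session-key derivation SK = H(R D ‖R S ‖C x ‖R ′ x ‖ID x ): the server keeps one record per device under its current identifier and removes the previous one, while the device keeps its previous identifier and falls back to it when the last message of a session was blocked. The message flow is reduced to identifier lookup, nonce exchange and key derivation; SHA-256 standing in for H and the update rule ID_new = H(ID_old ‖SK) are assumptions for illustration only.

```python
import hashlib
import os


def H(*parts: bytes) -> bytes:
    """Hash of the concatenation of its arguments (SHA-256 stands in for H)."""
    return hashlib.sha256(b"".join(parts)).digest()


class Server:
    def __init__(self, id_x: bytes, c_x: bytes, rp_x: bytes):
        # One record {C_x, R'_x} per device, keyed by its current identifier.
        self.table = {id_x: (c_x, rp_x)}

    def lookup(self, id_x: bytes):
        return self.table.get(id_x)

    def update_id(self, old_id: bytes, new_id: bytes) -> None:
        # Store the record under the new identifier and remove the previous one.
        self.table[new_id] = self.table.pop(old_id)


class Device:
    def __init__(self, id_x: bytes, c_x: bytes, rp_x: bytes):
        self.ids = [id_x]  # newest first; the previous ID is kept for resync
        self.c_x, self.rp_x = c_x, rp_x


def run_session(dev: Device, srv: Server, block_last_message: bool = False):
    """One session; returns SK, or None if no identifier matches a server record."""
    r_d, r_s = os.urandom(16), os.urandom(16)  # fresh nonces of both parties
    for id_x in dev.ids:  # try the current ID first, then the retained old one
        rec = srv.lookup(id_x)
        if rec is not None:
            break
    else:
        return None
    c_x, rp_x = rec
    sk = H(r_d, r_s, c_x, rp_x, id_x)  # SK = H(R_D || R_S || C_x || R'_x || ID_x)
    new_id = H(id_x, sk)  # assumed update rule, not the paper's
    dev.ids = [new_id, id_x]  # device updates but retains the matched old ID
    if not block_last_message:  # the server only updates if the final message arrives
        srv.update_id(id_x, new_id)
    return sk
```
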

PUF-CRP extraction
The protocol leverages the security of the embedded PUF to generate unique responses. To enhance the reliability of these responses, a fuzzy extractor is employed. This mechanism significantly increases the difficulty for an attacker to extract the PUF-CRP (Challenge-Response Pair) and impersonate a device. Importantly, neither C x nor R x is transmitted in plain text during the protocol execution; they are always masked to provide an additional layer of protection against potential attacks, including modeling attacks.

Man-in-the-middle attacks
The proposed PUF-Based Mutual Authentication Protocol provides security against Man-in-the-Middle (MitM) attacks. A Man-in-the-Middle attack occurs when an adversary intercepts and manipulates the communication between the device and the server, impersonating each party to establish a false sense of trust. Given that the proposed protocol is secure against impersonation attacks, it does not suffer from MitM either. In addition, the protocol includes a challenge-response mechanism during the mutual authentication phase. The device and the server exchange random numbers and perform cryptographic operations based on these values. This process ensures that both parties can verify each other's authenticity and integrity. By verifying the exchanged values, the device and the server can detect any tampering or modifications introduced by an attacker attempting a Man-in-the-Middle attack. Moreover, the protocol utilizes the Ascon cipher suite, specifically Ascon-128, for encryption and decryption. Ascon provides strong cryptographic primitives, including symmetric encryption and authentication, to protect the confidentiality and integrity of the communication. These cryptographic operations ensure that the exchanged messages cannot be tampered with or modified by an attacker without being detected by the recipient.

Privileged insider adversaries
The protocol assumes that the trusted entity is honest and does not leak any confidential information. As long as the trusted entity maintains the confidentiality of the device record, i.e. {C x , R ′ x , ID x , Help x } , privileged insider attacks are mitigated.

Pandemic attack
The security of the proposed PUF-Based Mutual Authentication Protocol against pandemic attacks is ensured by design. Since the transferred messages are the sole parameters specific to each device, compromising one device does not impact the security of other devices. This property ensures that the protocol remains secure even if an attacker gains unauthorized access to one device, preventing the spread of security breaches to other devices.

Traceability attack
The proposed protocol ensures the absence of traceability of devices or sessions, thereby enhancing privacy and security. Specifically, by excluding IDS and relying on session-dependent ephemeral keys R D and R S , all transferred messages are either fresh or influenced by these session-specific keys. Additionally, IDS is updated after each successful session, further preventing the adversary from linking two successful sessions or identifying a participant device across independent successful sessions within the protocol.
However, it is important to note that if a device has not participated in a successful session, its IDS remains unaffected and can be traced. Furthermore, the device retains the old record of IDS to avoid desynchronization. Consequently, the adversary possesses the ability to trace the device after a single successful session, but not beyond that.

Performance and security comparison
In Table 2, we present a security comparison of the proposed protocol with its predecessors, namely EV-PUF and PLAKE, based on the security analysis conducted in this study. It is clear that the proposed protocol provides better security compared to those protocols. The cost comparison is presented in Table 3. This comparison follows the approach outlined in 39 , where an Arduino UNO is used as the testbed. The table includes timings for the hash function (T h ), PUF invocation (T PUF ), two ECC scalar-multiplications (T ECC ), a double scalar-multiplication (T 2ECC ), and symmetric encryption (T Es ). We assume T ECC ≈ 21 ms, T 2ECC ≈ 26 ms, T h ≈ 3 ms for SHA-256, and T Es = 3.7 ms. The time for a PUF invocation (T PUF ) is assumed to be equal to T h . Following 40 , we approximate T FHD.GEN and T FHD.REC to be 10 × T PUF and 30 × T PUF , respectively.
Based on the presented results, the computation and communication costs of the proposed protocol appear to be reasonable, e.g. it has the lowest communication overhead among the compared protocols. However, it is important to note that the reliability of the PUF response is not perfect. Therefore, it is necessary to incorporate auxiliary functions such as a fuzzy extractor to ensure a reliable output. On the other hand, some references may consider the PUF as ideal and reliable in their analyses. However, in practical implementations, the inclusion of auxiliary functions increases the overall expected time for these schemes. This is due to the additional processing required for the application of the mentioned auxiliary function.

Conclusion
In this paper, we analyzed two PUF-based security protocols, PLAKE, a mutual authentication protocol for IoT systems, and EV-PUF, an authentication protocol for dynamic charging systems of electric vehicles. Specifically, we show that PLAKE and EV-PUF are subject to a variety of attacks that can compromise the security of the systems they are designed to protect, including spoofing and key compromise attacks. It is worth noting that the proposed attack against PLAKE can extract the shared secret key with negligible cost and computation simply by eavesdropping on two consecutive sessions. The proposed attack against EV-PUF is also efficient. Furthermore, we show that compromising a single client with the EV-PUF protocol can compromise the security of the entire network, making it vulnerable to pandemic attacks.
This study highlights that incorporating a promising component into a protocol may not guarantee its security. Besides secure primitives, the message structure also requires careful design to minimize the adversary's advantage. In the case of PLAKE, the freshness of the protocol is not equally dependent on the contributions of the entities involved. A previous study 5 demonstrated that such a protocol is vulnerable to impersonation attacks, which also applies to PLAKE. To mitigate such attacks, all protocol parties must contribute to the protocol's randomness or utilize timestamps.
Through the cryptanalysis of the PLAKE and EV-PUF protocols, the research reveals significant vulnerabilities that compromise the security of these authentication schemes and highlights the need for enhanced security protocols. As a step in this direction, the research presents an improved PUF-based authentication protocol that addresses the identified vulnerabilities in PLAKE and EV-PUF. The proposed protocol mitigates the risks of impersonation attacks, key leakage, and pandemic attacks, providing stronger security guarantees for IoT systems or electric vehicle charging systems.
Overall, the research contributes to the field of PUF-based authentication protocols by identifying vulnerabilities in existing schemes and proposing an improved protocol that enhances security and resilience against various attack vectors.

Figure 1. Mutual authentication phase of the proposed protocol.

Table 1. List of used notations.

User registration: During the user registration, the user generates a random password PW u and identifier ID u and forwards them to TSP. The TSP computes i = H(PW u ‖ID u ) , selects a secret P and a random number z, computes L = H(i‖P) and SID = H(z) and stores < ID u , P, SID > in a smart-card SC and < L, P, SID > in EV.

EV registration: To register an EV, it selects a random identifier ID EV and a random number R EV to compute PID EV = H(ID EV ‖R EV ) and Y EV = R EV ⊕ H(ID EV ) and sends < PID EV > to TSP. The TSP computes Q S = H(PID EV ‖SK EV ) and C EV = H(PID EV ‖W S ) . Next, < ID RCS i , ID RSU i , R S > is stored in a table entitled T EV and < PID EV , C EV , T R=1 > is stored in a table entitled T C . Then, it produces two challenges C i and C x and sends < C i , C x , W S , T EV , H(SK RSU i ) > to EV. The EV computes X S = W S ⊕ PID EV and C EV = H(PID EV ‖W S ) and stores X S instead of W S . Then, it selects a random key r RCS.

Scientific Reports | (2023) 13:21702 | https://doi.org/10.1038/s41598-023-48464-z | www.nature.com/scientificreports/

PID EV = H(ID EV ‖R EV ) and W S = X S ⊕ PID EV and verifies whether C EV = H(PID EV ‖W S ) . Next, ID RSU i and R S are taken from T EV to extract Q S = R S ⊕ PID EV . Then, two random values RN 1 and RN 2 are generated to calculate B = PID EV ⊕ H(ID RSU i ‖n − 1‖H(SK RSU

property of EV-PUF. Assuming that the adversary has k i and the transferred data over the public channel, it does the following computations:

which is enough to recover the session key SK = H(RN 2 ‖RN 3 ‖R 1 i ‖R 2+ i ) . Hence, despite the designers' claim, this protocol does not meet forward secrecy.

Table 2. Security comparison of the improved protocol to EV-PUF and PLAKE, where Imp.